The regulation and enforcement of financial technology (Fintech) remains in sharp focus for California’s consumer finance regulator, the Department of Financial Protection and Innovation (DFPI), as it moves into its second year of operation. This Alert provides a short overview of the DFPI’s origins, a comparison of the DFPI’s stated priorities with its regulatory activities in its inaugural year, and an analysis of recent enforcement actions relevant to Fintech.
In August 2020, the California legislature passed Assembly Bill 1864, which included the California Consumer Financial Protection Law (CCFPL), one of the most expansive consumer protection laws in the country, and replaced the Department of Business Oversight (DBO) with the DFPI. As discussed in a contemporaneous blog post in Jenner & Block’s Consumer Law Round-Up, the CCFPL charges the DFPI with regulating “the provision of various consumer financial products and services” and exercising “nonexclusive oversight and enforcement authority under California and federal (to the extent permissible) consumer financial laws.”
To meet its “dual mission to protect consumers and foster responsible innovation,” the CCFPL expanded the scope of the DFPI’s oversight authority powers to cover entities and products not previously regulated by DBO, although it exempted major financial institutions from its reach. The DFPI now oversees nonbank small business lenders and Fintech companies, along with debt relief companies, consumer credit reporting agencies, among others, and can investigate and sanction unlawful, unfair, deceptive, or abusive acts or practices by any person offering or providing consumer financial products or services in the state. The CCFPL also grants the DFPI “the power to bring administrative and civil actions, issue subpoenas, promulgate regulations, hold hearings, issue publications, conduct investigations, and implement outreach and education programs.”
A Comparison of the DFPI’s Stated Priorities with its 2021 Activities
In its first monthly bulletin after the implementation of the CCFPL, the DFPI announced three notable areas of interest. Over a year later, in March 2022, the DFPI published a report summarizing its 2021 activities. A comparison of the two reveals areas of progress and sustained focus.
First, the DFPI promised to “review and investigate consumer complaints against previously unregulated financial products and services, including debt collectors, credit repair and consumer credit reporting agencies, debt relief companies, rent to own contractors, private school financing, and more.” In its annual report, the DFPI reported that it has collected “close to $1 million in restitution for consumers from enforcement actions” and reviewed 30% more complaints in 2021 than in 2020. Notably, “[t]he top categories of [consumer] complaints included debt collection, cryptocurrency, and ‘neo banks’ (fintech companies partnering with banks to offer deposit account services).”
Second, the DFPI prepared to open the Office of Financial Technology Innovation, made “to work proactively with entrepreneurs and create a regulatory framework for responsible, emerging financial products.” Almost immediately, the DFPI signaled its interest in regulating earned wage access (EWA), or the ability for employees to access their wages before their scheduled payday. Not long after publication of its monthly bulletin, the DFPI entered into memoranda of understanding (MOU) with five EWA companies. The companies agreed to deliver quarterly reports beginning April 2021 “on several metrics intended to provide the [DFPI] with a better understanding of the products and services offered and the risk and benefits to California consumers.” Later, the DFPI signed six additional MOU with EWA companies and stated in its annual report that the quarterly reports required in the MOU will “inform future oversight efforts.” The DFPI also indicated potential rulemaking may be forthcoming related to wage-based advances, including the registration of covered persons, record retention, and reporting.
Third, the DFPI stated that it would create the Division of Consumer Financial Protection, which would “feature a market monitoring and research arm to keep up with emerging financial products.” Per its report, the DFPI created a research team in September 2021, which is “in the process of evaluating DFPI’s consumer complaint data to identify broader market trends that may pose risks to consumers.”
Key Areas of DFPI Enforcement Related to Fintech
The Fintech industry has been a focus of DFPI enforcement activity since its inception. In one early action, for instance, the DFPI entered a desist and refrain order against a Fintech platform for allegedly selling securities, including cryptocurrency, without a broker-dealer certificate; misleading consumers in the sale of the securities; and engaging in unlicensed securities transactions.
In the last few months, the DFPI has continued to provide guidance to the industry in a variety of areas, via interpretive opinions and enforcement actions. Companies providing similar financial products and services in California should take note.
- “True lender” and interest rate caps
- In December 2021, the DFPI entered a consent order with a California company that had marketed consumer loans to California borrowers with interest rates in excess of the maximum set by California law. In the consent order, the company agreed not to market or service loans of less than $10,000 with interest rates greater than those set by the California Fair Access to Credit Act. The entrance of the consent order reveals that the DFPI viewed the California company as the true finance lender under the California Financing Law and the CCFPL, even though the company did not fund the loans and had provided servicing and marketing services to its banking partner, a Utah bank that is exempt from California’s usury laws.
- In reaction to the above order, a Fintech platform and nondepository that operates a similar bank partnership program filed suit against the DFPI in March 2022, seeking a declaration that California’s interest rate caps do not apply to its loan program because its Utah bank partner originates and funds the loans. In April 2022, the DFPI filed a cross-complaint, accusing the Fintech platform of deceptive and unlawful business practices, by engaging in a “rent-a-bank” partnership scheme that allows it to evade California interest rate caps and promote predatory lending practices. The cross-complaint alleges that the Fintech platform is the “true lender” of the loans because it has the predominant economic interest in the transaction, as it collects nearly all of the loan profits after purchasing the loans’ receivables from its bank partner within days of their funding, thereby shielding its partner from any credit risk. The DFPI also alleges that the Fintech platform performs traditional lender roles in marketing, underwriting, and servicing the loans. The DFPI seeks at least $100 million in penalties, in addition to restitution to the affected borrowers.
- Wage-based advances and lender licensing
- In a February 2022 interpretive opinion, the DFPI concluded that certain employer-facilitated advances, for which an EWA provider contracts with an employer to offer its employees early access to wages, were not loans under either the California Financing Law, which regulates consumer credit, or the California Deferred Deposit Transaction Law, which regulates payday loans. In reaching this conclusion, the DFPI found that the source of the funding (the employer), the limit on the funding amount (to the amount an employee earned), and the nominal fees associated with the advance counseled against the application of California’s lending laws. Therefore, the inquiring EWA provider and its employer-partner were not required to obtain lending licenses.
- By contrast, the DFPI alleged in two recent enforcement actions that a merchant cash agreement (providing funding in exchange for a percentage of a company’s future revenue) and an income share agreement (providing college tuition funding in exchange for a percentage of the student’s income after graduation) qualify as loans, and such providers must be licensed in accordance with applicable California law.
- Cryptocurrency and digital asset trading
- In a March 2022 interpretive opinion, the DFPI addressed whether the California Money Transmission Act (MTA), which prohibits unlicensed engagement in the business of money transmission in the state, applies to software that provides retail and institutional investors with the ability to buy, sell, and store cryptocurrency. Of note, the MTA defines “money transmission” to include the selling or issuing of “stored value”; the selling or issuing of payment instruments; and the receipt of money for transmission. The DFPI concluded that closed-loop transactions, where the company does not facilitate the exchange of cryptocurrency transactions with a third party and the customer can only redeem monetary value stored in the account for cryptocurrency sold by the company, do not meet the definition of “money transmission.” However, the DFPI explained that it has not determined whether a “wallet storing cryptocurrency” is a form of “stored value” under the MTA. Accordingly, the DFPI did not require the inquiring platform to be licensed in order to provide customers with fiat and digital wallets to store and exchange cryptocurrency with the platform directly. The DFPI noted, however, that the licensing requirements remain subject to change.
- A month earlier, the DFPI concluded in a February 2022 consent order that sales of a cryptocurrency retail lending product qualify as a security under California law. Specifically, the company at issue offered and sold interest-bearing digital asset accounts, “through which investors could lend digital assets to [the company] and in exchange, receive interest” paid in cryptocurrency. The DFPI concluded that these accounts are securities, and that the company had wrongfully engaged in unregistered securities transactions. The DFPI’s decision came shortly after the federal Securities and Exchange Commission charged the company with a similar violation of federal securities laws, finding that the accounts were both “notes” and “investment contracts” because the investors’ digital assets were pooled and packaged as loan products that generated returns for the company and yielded variable monthly interest payments contingent on the company’s deployment and management of the assets.
As this overview makes clear, Fintech remains a top priority for the DFPI’s regulatory and enforcement activity in 2022. Jenner & Block will continue to monitor the DFPI and report on the dynamic regulatory landscape affecting Fintechs.